TLS 1.1 and 1.2 renegotiation failure

Bug #1020621 reported by Marc Deslauriers
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| OpenSSL | Fix Released | Unknown | | |
| openssl (Ubuntu) | Fix Released | Undecided | Unassigned | |
| Precise | Fix Released | Undecided | Marc Deslauriers | |
| Quantal | Fix Released | Undecided | Unassigned | |

Bug Description

OpenSSL renegotiation is broken with TLS 1.1 and 1.2:

openssl s_server and s_client

press R

the result is:

RENEGOTIATING
140543847671464:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:340:
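
The manual check above, scripted as an added example (not part of the original report or of the Ubuntu QA suite): `classify_reneg` reads an `s_client` transcript and reports whether renegotiation hit the record-version error, and `reneg_probe` drives `s_client` against a test `s_server` that is assumed to be already listening. The function names and verdict strings are hypothetical, and the sample transcript is constructed around the error line quoted in the report.

```shell
#!/bin/sh
# Added example: scripted form of the manual "press R" check from the report.

# classify_reneg: read an s_client transcript on stdin, print one verdict.
#   not-attempted - "RENEGOTIATING" never appeared (the handshake failed
#                   earlier, or the R command was never processed)
#   broken        - renegotiation started, then "wrong version number"
#   error         - renegotiation started, some other SSL error followed
#   ok            - renegotiation started and no SSL error followed
classify_reneg() {
    awk '
        /^RENEGOTIATING/ { started = 1; next }
        started && /:error:.*wrong version number/ { broken = 1 }
        started && /:error:/ { errors++ }
        END {
            if (!started)    print "not-attempted"
            else if (broken) print "broken"
            else if (errors) print "error"
            else             print "ok"
        }'
}

# reneg_probe HOST:PORT FLAG   (FLAG is -tls1_1 or -tls1_2)
# Assumes a test s_server is already listening on HOST:PORT.
reneg_probe() {
    # A line starting with "R" asks s_client to renegotiate. The sleeps let
    # the first handshake finish and keep stdin open while the second runs.
    { sleep 1; printf 'R\n'; sleep 2; } |
        openssl s_client -connect "$1" "$2" 2>&1 | classify_reneg
}

# Constructed transcript: connection banner, the R command echo, then the
# error line quoted in the bug report.
sample_broken() {
    printf '%s\n' \
        'CONNECTED(00000003)' \
        'RENEGOTIATING' \
        '140543847671464:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:340:'
}

sample_broken | classify_reneg
```

Against a live test server, run `reneg_probe localhost:4433 -tls1_1` and again with `-tls1_2`; the port here is an assumption and should match wherever the test `s_server` listens.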

Marc Deslauriers (mdeslaur) wrote :
Changed in openssl:
importance: Unknown → Undecided
status: Unknown → New
importance: Undecided → Unknown
status: New → Unknown
Changed in openssl (Ubuntu Quantal):
status: New → Fix Committed
status: Fix Committed → Fix Released
Changed in openssl (Ubuntu Precise):
status: New → Confirmed
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in openssl:
status: Unknown → Fix Released
Marc Deslauriers (mdeslaur) wrote :

test-openssl.py in qa-regression-testing will now test tls1.1 renegotiation.

SRU team:

This is a security update that has been copied to -proposed to get more testing. This needs to be released by the security team.

Changed in openssl (Ubuntu Precise):
status: Confirmed → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssl - 1.0.1-4ubuntu5.3

---------------
openssl (1.0.1-4ubuntu5.3) precise-security; urgency=low

  * SECURITY UPDATE: SSL_OP_ALL incorrectly disables TLS 1.1 (LP: #1018998)
    - debian/patches/lp1018998.patch: change SSL_OP_NO_TLSv1_1 from
      0x00000400L to 0x10000000L as in 1.0.1b to prevent applications
      compiled with SSL_OP_ALL from incorrectly disabling TLS 1.1.
  * debian/patches/lp1020621.patch: Make renegotiation work for TLS 1.2, 1.1
    by not using a lower record version client hello workaround if
    renegotiating. (LP: #1020621)
 -- Marc Deslauriers <email address hidden> Tue, 03 Jul 2012 11:36:01 -0400

Changed in openssl (Ubuntu Precise):
status: Fix Committed → Fix Released